Creating a group or permission mapping from SSO

Comments Off on Creating a group or permission mapping from SSO

Using SSO, you can rely on external authentication methods in vScope. Once configured, you can use the external identity provider (IDP) to assign vScope users permissions and/or groups. If you have not yet configured SSO, please start by reading Setting up Azure Single Sign-On (SSO).

Important notice Depending on what permissions you have configured in your app registrations in Azure, vScope may not have sufficient permissions to read eg. groups from Azure. If something goes wrong, please revise your group claims in Azure.

1. Enabling group mapping in vScope

  1. In vScope, go to Settings > Users & Access > Single Sign-On (you need to have admin permissions to do this)
  2. If you have enabled Azure Single Sign-On, you should be able to enable group mapping
  3. Select which group (permission or user group) in vScope you want to add a mapping to by clicking +

2. Creating a group mapping

  1. First, select property in Azure you want to base your mapping on
  2. Enter a name of your mapping. This is only used in vScope to help you remember the mapping.
  3. Enter the object id of the user/group in Azure. You can find the group id in Azure
  4. Preview your mapping and click Add

In this configuration, we have added so that any user in Azure, a member of the Customer Success group, will automatically be assigned the permission Contributor upon login.